CN1964262B - Information processing system and method of assigning information processing device - Google Patents

Information processing system and method of assigning information processing device Download PDF

Info

Publication number
CN1964262B
CN1964262B CN200610058399.4A CN200610058399A CN1964262B CN 1964262 B CN1964262 B CN 1964262B CN 200610058399 A CN200610058399 A CN 200610058399A CN 1964262 B CN1964262 B CN 1964262B
Authority
CN
China
Prior art keywords
address
terminal
information
management server
memory device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610058399.4A
Other languages
Chinese (zh)
Other versions
CN1964262A (en
Inventor
金野正广
沟口幸信
福岛刚
高桥博史
三上隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Publication of CN1964262A publication Critical patent/CN1964262A/en
Application granted granted Critical
Publication of CN1964262B publication Critical patent/CN1964262B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/305Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/131Protocols for games, networked simulations or virtual reality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

For the first use of an authentication device, a remote machine makes a query of an address of a local machine to be permanently assigned to the remote machine, to which the authentication device is connected, to a management server. In response to the query, the management server determines the local machine to be permanently assigned to the remote machine and notifies the remote machine of an address of the local machine. The remote machine remotely controls the local machine specified by the address notified from the management server.

Description

The distribution method of information processing system and information processor
Technical field
The present invention relates to have through interconnected a plurality of information processors of network and remote operation terminal information treatment system, particularly to the distribution technique of remote operation terminal information processing unit.
Background technology
Open in the 2004-86241 communique the spy, disclose the technology that detects the intrasystem virus infections of LAN source.Use should technology; The client computer that gets in virus is when server computer is invaded with mail report virus; The access history of server computer obtains program, reports that from mail access history is collected in the access history data storehouse of the client computer in source, and analyzes.
In addition, in recent years, the information processing system of slim client computer (Thin-Client) is noticeable just gradually.In the information processing system of slim client computer; The desktop of the local machine (local machine) that in oneself or company, is provided with through remote machine (remote machine) remote operation of using on hand can use the various application programs that on local machine, load.In local machine, outside PC (Personal Computer), use the server (for example blade server) that does not have locally-attached input/output unit (keyboard, mouse and display).
Detecting under the situation of infected by computer virus, cutting off of the connection of this computer, preventing that the virus proof tech to the superinfection of other computers from being known network.In the information processing system of conventional thin client computer,, then can produce following problem as on local machine, using this virus proof tech.That is, can not visit local machine, therefore can not understand the state of local machine from remote machine because remote machine becomes.Here, be under the situation of PC at local machine, use locally-attached input/output unit on this this locality machine can be confirmed the state of this this locality machine immediately.But, when the server of the input/output unit that does not have the local machine of local connection, after the network connection is cut off, can not confirm the state of this this locality machine immediately.
In addition, in the information processing system of conventional thin client computer, distribute the address of local machine in advance to remote machine.Promptly distribute local machine to remote machine before use, can not efficient, flexible use the resource of local machine.
Summary of the invention
The present invention In view of the foregoing is suggested, and its objective is provides a kind of information processing system that can use the slim client computer of resource (local machine) effectively flexibly.In addition, a kind of information processing system of slim client computer that can understand the state of local machine from remote machine also is provided.
For addressing the above problem, first form of the present invention when (remote machine) uses information processor (local machine) for the first time at the terminal, is distributed to the address of self terminal information processing unit to the management server inquiry.Then, the terminal remote operation is by management server address notified specified message processing unit.
First form of the present invention provides a kind of information processing system, has management server and a plurality of terminal through the interconnected a plurality of information processors of network, the said information processor of management.Said management server has: the distribution state memory device, and it stores each the terminal distribution state in said a plurality of information processor; Allocation manager equipment; It is for request for allocation; Being illustrated in the terminal distribution state of storing in the said distribution state memory device is the address of the information processor of unallocated state; The terminal of notifying this request for allocation to send the source, and the terminal distribution state of this information processor of in said distribution state memory device, storing, never distribution state is updated to expression and should distributes to the state that this request for allocation is sent the terminal in source; The operate condition memory device, it stores each the operate condition in said a plurality of information processor; With the operate condition management equipment; Its each from said a plurality of information processors obtains operate condition, upgrades said operate condition memory device, for the notice of virus infections; Retrieval has the record of the network address of virus infections notification source from said operate condition memory device; Change to the virus infections state to the operate condition of in the field of the record that retrieves, logining, said terminal has: the address memory device, and it stores the address of said management server at least; Request for allocation equipment; It is when storage should be distributed to the address of self terminal information processing unit in the memory device of said address; Request for allocation is sent in address to the said management server in this address memory device, stored; Receive the address that distribute to self terminal information processing unit from said management server, be stored in the memory device of said address; And remote operation apparatus; When it stores the address that distribute to self terminal information processing unit in the memory device of said address; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show.Said information processor has: the remote operation receiving equipment, and it receives operation information from said terminal, and the content of operation of representing according to this operation information carries out information processing, and sends its result's of expression image information to this terminal; Cut off equipment with network; It is used to detect the virus infections of self information processing unit, and after detecting virus infections, isolates and perhaps remove the virus that has infected, if said isolation or removing failure; Then notify said management server; Cut off the connection of self information processing unit to said network through the driver that stops said network of network interface card, wherein, said self information processing unit is away from said terminal.
Second form of the present invention provides a kind of management server, is used for management and distributes to the terminal information processing unit, has: the distribution state memory device, and it stores in a plurality of information processors the terminal distribution state of each; With allocation manager equipment; It is for request for allocation; Being illustrated in the terminal distribution state of storing in the said distribution state memory device is the address of the information processor of unallocated state; Send the terminal in source to this request for allocation and notify, and the terminal distribution state of this information processor of in said distribution state memory device, storing, never distribution state is updated to expression and should distributes to the state that this request for allocation is sent the terminal in source; The operate condition memory device, it stores each the operate condition in said a plurality of information processor; With the operate condition management equipment; Its each from said a plurality of information processors obtains operate condition; Upgrade said operate condition memory device; For the notice of virus infections, retrieval has the record of the network address of virus infections notification source from said operate condition memory device, changes to the virus infections state to the operate condition of in the field of the record that retrieves, logining.
The 3rd form of the present invention provides a kind of terminal; Be used for the information processor that remote operation is distributed by management server; Have: request for allocation equipment; It is when storage should be distributed to the address of self terminal information processing unit in the memory device of the address of the address of storing said management server at least; Send request for allocation for the address of the said management server of in this address memory device, storing, receive the address that distribute to self terminal information processing unit, be stored in the memory device of said address from said management server; And remote operation apparatus; When it stores the address that distribute to self terminal information processing unit in the memory device of said address; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show.
The 4th form of the present invention provides a kind of distribution method of information processor, is used for having through the interconnected a plurality of information processors of network, the management server of managing said information processor and a plurality of terminal information treatment system to terminal distribution information.Said management server; For request for allocation; In said a plurality of information processors, be the terminal distribution state address of the information processor of unallocated state, send the terminal in source to this request for allocation and notify; And the terminal distribution state of this information processor, never distribution state is updated to expression and distributes to the state that this request for allocation is sent the terminal in source; For in said a plurality of information processors each is stored the action status information of said information processor; And each from said a plurality of information processors obtains operate condition; Upgrade said action status information; Notice for virus infections; Retrieval has the record of the network address of virus infections notification source from said action status information, changes to the virus infections state to the operate condition of in the field of the record that retrieves, logining.Said terminal stores the address of said management server at least; When storage should not distributed to the address of self terminal information processing unit, said management server is sent request for allocation, receive address and the storage that distribute to self terminal information processing unit from said management server; And when storing the address that distribute to self terminal information processing unit; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show.Said information processor receives operation information from said terminal, and the content of operation of representing according to this operation information carries out information processing, and the image information of representing its result is sent to this terminal; And detect the virus infections of self information processing unit; And after detecting virus infections, isolate and perhaps remove the virus that has infected; If said management server is then notified in said isolation or removing failure, cut off of the connection of self information processing unit to said network through the driver that stops said network of network interface card; Wherein, said self information processing unit is away from said terminal.
Description of drawings
Fig. 1 is the skeleton diagram of the suitable remote desktop system of an example of the present invention.
Fig. 2 is the skeleton diagram of local machine 1.
Fig. 3 is the figure that is used to explain the action of local machine 1.
Fig. 4 is the skeleton diagram of management server 7.
Fig. 5 is the figure that schematically shows distribution state admin table 7042.
Fig. 6 is the figure that schematically shows operate condition admin table 7043.
Fig. 7 is the figure that is used to explain the action of management server 7.
Fig. 8 is the summary construction diagram of remote machine 2.
Fig. 9 is the figure that is used to explain the action of remote machine 2.
Figure 10 is the figure that is used to explain the action of remote machine 2.
Figure 11 is the skeleton diagram of authenticating device 6.
Figure 12 is the figure that is used to explain the action of authenticating device 6.
Figure 13 is the figure of the action example when being illustrated in the address that does not have login local machine 1 on the authenticating device 6, and the address of this this locality machine 1 is the address of really distributing to the remote machine 2 that has connected this authenticating device 6.
Figure 14 is illustrated on the authenticating device 6 login really to distribute to the address of the local machine 1 of the remote machine 2 that has connected this authenticating device 6, do not login under the situation of address of the local machine 1 that vacation distributes to this remote machine 2, and this true local machine that distributes 1 is because the figure of the action example of virus infections when cutting off network.
Figure 15 is illustrated on the authenticating device 6 login really to distribute to the address of the local machine 1 of the remote machine 2 that has connected this authenticating device 6, do not login under the situation of address of the local machine 1 that vacation distributes to this remote machine 2 figure of the action example when this true local machine 1 that distributes stops.
Figure 16 is illustrated on the authenticating device 6 under the situation of address of the false local machine 1 of distributing to the remote machine 2 that has connected this authenticating device 6 of login, the figure of the action example when the local machine 1 of really distributing to this remote machine 2 restores.
Embodiment
An example of the present invention is described below.
Fig. 1 is the skeleton diagram of the suitable remote desktop system (information processing system of slim client computer) of an example of the present invention.
As shown in the figure, the remote desktop system of this example has a plurality of local machine 1, a plurality of remote machine 2 and authenticating device 6, management server 7, file server 8.A plurality of local machine 1, management server 7 and file server 8 are connected as LAN (the Local Area Network) 4A of the internal network of structure in company etc. last.LAN4A is connected on the WAN (Wide Area Network) through router three A.Authenticating device 6 can be from remote machine 2 loading and unloading.Remote machine 2 is connected on the LAN4B as the external network that makes up in places to go such as hotel, stations.LAN4B connects WAN5 through router three B.
Local machine 1; And remote machine 2 between make up VPN (Virtual Private Network); Through this VPN; Receive and handle the input information (content of operation of input unit) that sends from remote machine 2, send the image information (desktop images of display unit) of expression result to remote machine 2 simultaneously.Local machine 1 is the computers that connection input/output unit ground uses in this locality usually such as blade server.
Fig. 2 is the skeleton diagram of local machine 1.As shown in the figure, local machine 1 has: CPU (Central Processing Unit) 101, the RAM (Random Access Memory) 102, the NIC (Network Interface Card) 103 that is used to connect LAN4A, HDD (Hard Disk Drive) 104, the flash of light ROM (Flash Read Only Memory) 105 that play a role as the service area of CPU101, generate the video card (Video Card) 107 of the image information of desktop, the bus B US that is connected with these 101~107 each several parts carried out the bridge 108 and the power supply 109 of relaying.
In flash of light ROM105, storage BIOS (Basic Input/Output System) 1050.CPU101 after power supply 109 drops into, at first carries out BIOS1050 through visit flash of light ROM105, discerns the system configuration of local machine 1.
In HDD104, store OS (Operating System) 1041, VPN traffic program 1042, remote server program 1043, virus checker 1044 and a plurality of application program 1045 at least.
OS1041 is the program of each program 1042~1044 of being used for by the each several part 102~109 of the local machine 1 of CPU101 Comprehensive Control, stating after carrying out.CPU101 abides by BIOS1050, loads OS1041 from HDD104 to RAM102 and carries out.Thus, the each several part 102~109 of the local machine 1 of CPU101 Comprehensive Control.
VPN traffic program 1042 be used for and remote machine 2 between make up the signal procedure of VPN.For example be to use the signal procedure of IPsec (Security Architecture for the Internet Protocol).CPU101 abides by OS1041, loads VPN traffic program 1042 from HDD104 to RAM102 and carries out.Thus, CPU101 abides by through NIC103 and begins request from the communication that remote machine 2 receives, and remote machine 2 between make up VPN, carry out and the communicating by letter of remote machine 2 through this VPN.
Remote server program 1043 is that to be used to make for example to be VNC (the Virtual Network Computing) server program of AT&T Cambridge research institute exploitation from the program of the desktop of the local machine 1 of remote machine 2 remote operations.CPU101 abides by OS1041, loads remote server program 1043 from HDD104 to RAM102 and carries out.Thus, CPU101 receives the input information (content of operation of keyboard and mouse) that sends from remote machine 2 through VPN and handles, and sends the image information (desktop images of display) of expression result through VPN to remote machine 2 simultaneously.
Virus checker 1044 is to be used for from RAM102 and HDD104 files stored, removing the program of virus.Each file and preprepared virus patterns that virus checker 1044 is relatively stored in RAM102 and HDD104, the computer virus infection of detection file.Then, from the file that detects, isolate perhaps dump virus.Under the situation that can not isolate or remove the computer virus that detects, to management server 7 notice virus infectionses, thereafter, to the driving of OS1041 request stopping NIC103, cut-out and LAN4A are connected.
In application program 1045, there are general Web browser, word processor, table to calculate supervisor.CPU101; Abide by OS1041; For the indication that receives from keyboard and mouse through I/O connector 106, or reply from the indication that remote machine 2 receives through remote server program 1043, load the application program 1044 of hoping to RAM102 from HDD104.Then, make the image information of the desktop images of video card 107 these execution results of reaction of formation, send to remote machine 2 through remote server program 1043.
In NIC103, load monolithic controller (one chip controller) 1031.Monolithic controller 1031 is kept watch on the power supply supply condition of power supply 109 to NIC103.Then, supply with under the situation of interrupting to the power supply of NIC103 at power supply 109, the power supply that the power supply of use and local machine 1 was arranged in 109 minutes makes the NIC103 action.In addition,, when the power supply of NIC103 is supplied with interruption, notify halted states, when not interrupting, notify running statuses to management server 7 to management server 7 at power supply 109 for the status enquiry that receives from management server 7.
Fig. 3 is the figure that is used to explain the action of local machine 1.In addition, this flow process was abideed by the program execution by CPU101 or monolithic controller 1031 originally.But here, simple for explaining, about the processing of CPU101, as executive agent, flow process is described with program.
Become movable application program 1045, after receiving input informations through NIC103 from remote machine 2 (is YES at S100), execution is to the processing (S101) of the content of operation (keyboard operation and mouse action) should input information represented.Then, make the image information of the desktop images of video card 107 reaction of formation results, this image information sends (S102) through NIC103 to remote machine 2.
In addition, virus checker 1044 behind the file that detects infective virus from RAM102 and HDD104 (is YES at S110), is carried out for this document and to be isolated or remove and handle (S111).Then, when isolating or remove failure (is NO at S112), send virus infectionses notices (S113) to management server 7, thereafter, stop the driver of the NIC103 that OS1041 just managing, cut off and be connected (S114) of LAN4A through NIC103.
In addition, monolithic controller 1031 is being inquired back (is YES at S120) through NIC103 from management server 7 accepting states, when the power supply of NIC103 is supplied with interruption (is NO at S121), notifies halted states (S123) to management server 7 at power supply 109.On the other hand, when the power supply supply of NIC103 is not interrupted (is YES at S121), notify running statuses (S122) at power supply 109 to management server 7.
Return Fig. 1 and continue explanation.Each distribution of a plurality of local machines 1 of management server 7 management to remote machine 2.
Fig. 4 is the skeleton diagram of management server 7.As shown in the figure, management server 7 has: CPU701, RAM702, the NIC703 that is used to connect LAN4A, HDD704, the flash of light memory 705, the I/O connector 706 that is used to connect keyboard and mouse that play a role as the service area of CPU701, be used to connect the video card 707 of display, the bus B US that is connected with these 701~707 each several parts carried out the bridge 708 and the power supply 709 of relaying.
In flash of light ROM705, store BIOS7050.CPU701 after power supply drops into, at first carries out BIOS7050 through visit flash of light ROM705, the system configuration of identification management server 7.
In HDD704, store OS7041, distribution state admin table 7042, operate condition admin table 7043, distribution state hypervisor 7044, operate condition hypervisor 7045 and inquire response program 7046 at least.
The program of the pass program 7044~7046 that OS7041 is the each several part 702~709 that is used for CPU701 comprehensive control management server 7, state after carrying out.CPU701 abides by BIOS7050, is loaded into OS7041 the RAM702 from HDD704 and carries out.Thus, the each several part 702~709 of CPU701 comprehensive control management server 7.
It in distribution state admin table 7042 assignment information of each local machine 1 this this locality machine 1 of storage.Fig. 5 is the figure that schematically shows distribution state admin table 7042.As shown in the figure, for each local machine 1 login record 70420.Field 70422 and other field 70423 of allocation classes of login local machine 1 of the network address with field 70421, login local machine 1 of the ID of login local machine 1.In distributing classification, " the true distribution ", " the false distribution " and " unallocated " are arranged." the true distribution ", expression remote machine 2 was by the state of permanent allocation." false distribute " is illustrated in the local machine 1 of giving " the true distribution " remote machine 2 because under the situation of reason such as maintenances and stopping period, this remote machine 2 is by the state of interim distribution.Then, " unallocated " represented the state that remote machine 2 is not assigned with as yet.
In operate condition admin table 7043, for the operate condition of each local machine 1 this this locality machine 1 of storage.Fig. 6 is the figure that schematically shows operate condition admin table 7043.As shown in the figure, be each local machine 1 login record 70430.The field 70433 of the field 70432 of the field 70431 that record 70430 has an ID of login local machine 1, the network address of login local machine 1 and the operate condition (one of " RUN ", " stopping " and " virus infections ") of login local machine 1.
Distribution state hypervisor 7044 is the programs that are used to manage the local machine 1 of distributing to remote machine 2.Distribution state hypervisor 7044 is used distribution state admin table 7042 and operate condition admin table 7043, when the local machine 1 of remote machine 2 distribution is given in decision, abides by decision content update distribution state admin table 7042.
Operate condition hypervisor 7045 is the programs that are used to manage the operate condition of local machine 1.Operate condition hypervisor 7045 obtains operate condition from each local machine 1, abides by the content update operate condition admin table of obtaining 7043.
Inquire response program 7046 is the programs that are used to reply the inquiry of remote machine 2.Inquire response program 7046 for status enquiry and the recovery inquiry from remote machine 2, obtains the operate condition of the local machine 1 of really distributing to this remote machine 2, when replying, upgrades operate condition admin table 7043.
Fig. 7 is the figure that is used to explain the action of management server 7.In this flow process, original, CPU701 carries out according to program.But here, simple for explaining, as main body, flow process is described with program.
Operate condition hypervisor 7045 is receiving virus infections notice back (YES in the S700 position) through NIC703 from local machine 1, and retrieval has the record 70430 of the network address of virus infections notification source from action condition management table 7043.Then, change to " virus infections " to the operate condition of login in the field 70433 of the record that retrieves 70430 (S701).
In addition; Distribution state hypervisor 7044; After receiving request for allocation from remote machine 2 (is YES at S710) through NIC703, be true request for allocation (is YES at S711) like this request for allocation, then the remote machine 2 true local machines 1 (S712) that distribute in this request for allocation source are given in decision.Specifically, the distribution classification of search field 70423 is the records 70420 of " unallocated " from distribution state admin table 7042.Then; Respectively write down 70420 for what retrieve; The record 70430 that the ID of retrieval login in field 70421 logins in field 70431 from action condition management table 7043, the record 70430 that perhaps network address of login is logined in field 70432 in field 70422, whether the operate condition of investigation login in the field 70433 of this record 70430 is " RUN ".At operate condition is under the situation of " RUN ", is set at this object record 70420 record 70420 of true distribution candidate.From the record 70420 of the true distribution candidate as above set, select one its decision is the true record 70420 that distributes.
Then, distribution state hypervisor 7044 is sent in ID and the network address (S714) of login in field 70421 and the field 70422 of record 70420 of true distribution to the remote machine 2 in this request for allocation source.In addition, be updated to " the true distribution " to the distribution classification of the field 70423 of the record 70420 of the true distribution of login in distribution state admin table 7042 from " unallocated " (S715).
On the other hand, distribution state hypervisor 7044, if be false request for allocation (is NO at S711) through NIC703 from the request for allocation that remote machine 2 receives, then the remote machine 2 false local machines 1 (S713) that distribute in this request for allocation source are given in decision.Specifically, the distribution classification of retrieval son field 70424 is the records 70420 of " unallocated " from distribution state admin table 7042.Then; Respectively write down 70420 for what retrieve; The record 70430 that the ID of retrieval login in field 70421 logins in field 70431 from action condition management table 7043, the record 70430 that perhaps network address of login is logined in field 70432 in field 70422, whether the operate condition of investigation login in the field 70433 of this record 70430 is " RUN ".At operate condition is under the situation of " RUN ", is set at the false record 70420 that distributes candidate to this object record 70420.From the vacation of as above setting distributes the record 70420 of candidate, select one, its decision is the false record 70420 that distributes.
Then, distribution state hypervisor 7044 is sent in ID and the network address (S714) of login in field 70421 and the field 70422 of the false record 70420 that distributes to the remote machine 2 in this request for allocation source.In addition, be updated to " the false distribution " to the distribution classification of the field 70423 of the record 70420 of the vacation of login in distribution state admin table 7042 distribution from " unallocated " (S715).
In addition, inquire response program 7046, after the notice of inquiring from remote machine 2 accepting states through NIC703 (is YES at S720), the state (S721) of the local machine 1 of this status enquiry notification source is really distributed in investigation.Specifically; The operate condition of in the field 70433 of this record 70430, logining obtained in the record 70430 that the record 70430 that the ID of the local machine 1 that retrieval comprises in the notice of this status enquiry from action condition management table 7043 logins in field 70431, the network address that perhaps in the notice of this status enquiry, comprises are logined in field 70432.
Then, inquire response program 7046, the operate condition that investigation obtains at S721 whether be " virus infections " (S722).When being " virus infections " at operate condition (is YES at S722), generating the expression operate condition is the inquiry response information of " virus infections ", and it is sent (S725) through NIC703 to the remote machine 2 of this status enquiry notification source.On the other hand, when not being " virus infections " at operate condition (is NO at S722), inquire response program 7046 is for the network address of the local machine 1 that in the notice of this status enquiry, comprises, through NIC703 transmit status inquiry (S723).Then, obtain operate condition, be updated to this operate condition of obtaining (S724) to the field 70433 of the record that retrieves at step S721 70430 from this this locality machine 1.In addition, generate the inquire response be illustrated in the operate condition (one of " RUN " and " stopping ") that S724 obtains, it is sent (S725) through NIC703 to the remote machine 2 of this status enquiry notification source.
In addition, inquire response program 7046, after receiving the notice of restoring inquiry through NIC703 from remote machine 2 (is YES at S730), whether the local machine 1 that this recovery inquiry notification source is really distributed in investigation restores.Specifically, for the network address of the local machine 1 of true distribution that in the notice of this recovery inquiry, comprises, through NIC703 transmit status inquiry (S731).Then; After obtaining operate condition from this this locality machine 1; The record 70430 that the ID of the local machine 1 of the true distribution that retrieval comprises in the notice of this recoverys inquiry from action condition management table 7043 login in field 70431, or the record 70430 in field 70432, logined of the network address of the local machine 1 of the true distribution that in the notice that recovery is inquired, comprises are updated to the operate condition of obtaining (S732) with the field 70433 of this record 70430.In addition, generate the inquire response be illustrated in the operate condition (one of " RUN " or " stopping ") that S732 obtains, it is sent (S733) through NIC703 to the remote machine 2 that this restores the inquiry notification source.
Then; Inquire response program 7046; When the operate condition that the inquire response of sending at the remote machine 2 to this recovery inquiry notification source is represented is " RUN " (is YES at S734), remove the remote machine 2 false local machines 2 (S735) that distribute that restore the inquiry notification source to this.The record 70420 that the network address of the local machine 1 that the record 70420 that the ID of the local machine 1 that the vacation that specifically, retrieval comprises in this recovery inquiry notice from distribution state admin table 7042 distributes logins in field 70421, the vacation that perhaps in this recovery inquiry notice, comprises distribute is logined in field 70422.Then, be updated to " unallocated " to the distribution classification of login in the field 70423 of the record that retrieves 70420 from " false distribution ".
Return Fig. 1 and continue explanation.Remote machine 2; And local machine 1 between make up VPN; Through this VPN, send the input information (content of operation of input unit) that is input to self remote machine 2 to this this locality machine 1, simultaneously; Receive image information (desktop images of display unit) from this this locality machine 1, it is shown on the display of self remote machine 2.In addition, remote machine 2 is obtained the network address of the local machine 1 of really distributing to self remote machine 2, login on authenticating device 6.In addition, cutting off when being connected, as required, obtaining the network address that the local machine 1 of self remote machine 2 is distributed in vacation, on authenticating device 6, logining with the network of the local machine 1 of really distributing to self remote machine 2.In addition, remote machine 2 is so-called no HDD type (HDD Less Type) PC, constitutes can local connect and network connects printer, external drive, external memory etc.That is, remote machine 2 constitutes and only can use locally-attached or network connects on local machine 1 printer, external drive, external memory etc.Through doing like this, reduce the possibility of the leakage of information that causes owing to stolen grade to remote machine 2.
Fig. 8 is the summary construction diagram of remote machine 2.As shown in the figure, remote machine 2 has: CPU201, RAM202, the NIC203 that is used to connect LAN4B, the USB port 204 that is used to connect authenticating device (USB device) 6, the flash of light ROM205, the I/O connector 206 that is used to connect keyboard and mouse that play a role as the service area of CPU201, be used to connect the video card 207 of display, the bus B US that is connected with these 201~207 each several parts carried out the bridge 208 and the power supply 209 of relaying.
In flash of light ROM205, store BIOS2050, OS2051, VPN traffic program 2052, remote client program 2053, request for allocation program 2054 and interrogator 2055 at least.
CPU201 after power supply 209 drops into, at first carries out BIOS2050 through visit flash of light ROM205, the system configuration of identification remote machine 2.
The program of each program 2052~2055 that OS2051 is the each several part 202~209 that is used for CPU201 Comprehensive Control remote machine 2, state after carrying out.CPU201 abides by BIOS2050, loads OS2051 from flash of light ROM205 to RAM202 and carries out.Thus, the each several part 202~209 of CPU201 Comprehensive Control remote machine 2.In addition, in the OS2051 of this example, use the software of the reduced size that packaging OS etc. can store in flash of light ROM205.
VPN traffic program 2052, be used for and have by the local machine 1 of remote client program 2053 address notified between make up the signal procedure of VPN, for example be to use the signal procedure of Ipsec.CPU201 abides by OS2051, loads VPN traffic program 2052 from flash of light ROM205 to RAM202 and carries out.Thus, CPU201, self remote machine 2 is true to be distributed or the false local machines that distribute 1 send communication request to giving through NIC203, and local machine 1 between make up VPN, carry out and the communicating by letter of local machine 1 through this VPN.
Remote client program 2053 is to be used for by the program of remote machine 2 from the desktop of the local machine 1 of accessing far away, for example is client computer (procedures of observation) program of VNC.CPU201 abides by OS2051, loads remote client program 2053 from flash of light ROM205 to RAM202 and carries out.Thus; CPU201; Passing through VPN when local machine 1 sends the input information (content of operation of keyboard and mouse) of I/O connector 206, export the image information (desktop images of display) that sends from this this locality machine 1 through VPN to the display (not shown) that on video card 207, connects.
In addition, remote client program 2053, the authentication processing below the above-mentioned processing of execution makes the CPU201 execution before.Be that CPU201 makes on video card 207 the display explicit user ID that connects and the pattern of the input of password, the input that receives ID and password from the user through the keyboard that on I/O connector 206, connects and mouse.Then, send the delegate user authentication to ID that receives and password to the authenticating device that on USB port 204, connects 6.Then, only under the situation that the user sets up, from the address of the local machine 1 of authenticating device 6 receptions, with its notice VPN traffic program 2052.
Request for allocation program 2054; Be the indication that is used for abideing by remote client program 2053, perhaps login on the authenticating device 6 really distribute to self remote machine 2 local machine 1 address and the false local machine 1 that distributes the address, or deletion on authenticating device 6 login, vacation distributes to the program of address of the local machine 1 of self remote machine 2.Interrogator 2055 is the indications that are used for abideing by remote client program 2053, really distributes to the program of operate condition of the local machine 1 of self remote machine 2 to management server 7 inquiries.
Fig. 9 and Figure 10 are the figure that is used to explain the action of remote machine 2.In addition, this flow process was abideed by the program execution by CPU201 originally.But, be purposes of simplicity of explanation here, as executive agent, flow process is described with program.
Remote client program 2053 makes the display explicit user ID of connection on video card 207 and the pattern of the input of password, receives ID and the password (S901) imported by the user through the keyboard and the mouse of connection on I/O connector 206.Then, send ID that receives and password to the authenticating device that on USB port 204, connects 6, entrust authentication (S902), receive authentication result (S903) from authenticating device 6.
Represent that in authentication result under the situation of authentification failure (is NO at S903), this flow process finishes.On the other hand, represent in authentication result under the situation of authentication success (is YES at S903) whether 2053 investigation of remote client program are the addresses (S905) of management server 7 with the address that receives from authenticating device 6 and authentication result.Under the situation of the address of authenticating device 6 receiving management servers 7 (is YES at S905), this authenticating device 6 be not used in the true distribution of the local machine 1 of remote machine 2 as yet.Promptly in the remote operation of carrying out through remote machine 2, do not use local machine 1.In this case, to the address of request for allocation program 2054 notice management servers 7, indicate the true distribution of local machine 1.
Receive and should indicate, request for allocation program 2054 is sent request for allocation (S906) through NIC203 to management server 7.Then; Request for allocation program 2054; If receive the address (S907) of the local machine 1 of really distributing to self remote machine 2 from management server 7 through NIC203; Then send through USB port 204 this address of the local machine 1 of distributing to self remote machine 2 to authenticating device 6, in authenticating device 6 logins, notice remote client program 2053 (S908).Remote client program 2053, to VPN traffic program 2052 notice from request for allocation program 2054 notices, really distribute to the address of the local machine 1 of self remote machine 2, the establishment of indication VPN.
Receiving should notice, VPN traffic program 2052 and really distribute between the local machine 1 of self remote machine 2 and establish VPN (S909).Remote client program 2053, through this VPN, the remote server program 1043 of the local machine 1 of self remote machine 2 is really distributed in associating, and the remote operation (S910) of the local machine 1 of self remote machine 2 is really distributed in beginning.
On the other hand, when not being the address from authenticating device 6 and authentication result receiving management server 7 together (is NO at S905), this address is the address of local machine 1.Whether therefore, remote client program 2053 is investigated this address and whether is the address of the local machine 1 of really distributing to self remote machine 2, perhaps be the address (S921) that the local machine 1 of self remote machine 2 is distributed in vacation.Whether in this address is really to distribute under the situation of address of local machine 1 of self remote machine 2 (is YES at S921); Remote client program 2053; Really distribute to this address of the local machine 1 of self remote machine 2, the establishment of indication VPN to VPN traffic program 2052 notice.
Receiving should notice, VPN traffic program 2052 and really distribute between the local machine 1 of self remote machine 2 and establish VPN (S922).If establishment success (is YES at S923); Then the remote client program 2053; Through this VPN, the remote server program 1043 of the local machine 1 of self remote machine 2 is really distributed in associating, and the remote operation (S924) of the local machine 1 of self remote machine 2 is really distributed in beginning.
At S922, under the situation that the establishment of 2052 couples of VPN of VPN traffic program is failed (S923), remote client program 2053 obtains the address of management server 7 from authenticating device 6.Then, notify the address of this management server 7 and the network address of the true local machine 1 that distributes to interrogator 2055, the indicating status inquiry.Receiving should inquiry, and interrogator 2055 generates the status enquiry of the network address of the local machine 1 that comprises true distribution, and this is sent (S931) through NIC203 to management server 7.
Then, interrogator 2055 is if receive inquire response (S932) from management server 7, then the operate condition notice remote client program 2053 that in this inquire response, comprises.Receive and should notify, remote client program 2053, whether investigation is " virus infections ", perhaps " stops " (S933) from the operate condition that interrogator 2055 receives, and (is YES at S933) finished this flow process when " virus infections ".On the other hand; When " stopping " (is NO at S933); Whether the affirmation picture that remote client program 2053 is distributed the vacation of the local machine 1 of display demonstration whether carrying out that on video card 207, connects is the indication (S934) of carrying out false distribution through keyboard and the mouse that on I/O connector 206, connects from user's reception.Then, not under the situation of the false indication that distributes order (is NO at S935) receiving, finish this flow process.On the other hand, carry out in reception under the situation of the false indication that distributes order (is YES at S935), remote client program 2053 obtains the address of management server 7 from authenticating device 6.Then, notify the address of this management server 7, indicate the vacation of local machine 1 to distribute to request for allocation program 2054.
Receive and should indicate, request for allocation program 2054 is sent false request for allocation (S936) through NIC203 to management server 7.Then; Request for allocation program 2054; If receive (S937) from management server 7 through NIC203; Then send false this address of distributing to the local machine 1 of self remote machine 2 through 204 authenticating devices of USB port 6, in authenticating device 6 logins, notice remote client program 2053 (S938).Remote client program 2053, to VPN traffic program 2052 notice from request for allocation program 2054 notices, vacation distributes to the address of the local machine 1 of self remote machine 2, the establishment of indication VPN.
Receiving should notice, VPN traffic program 2052 and the false local machine 1 of distributing to self remote machine 2 between establish VPN (S939).Remote client program 2053, through this VPN, associating is false distributes to the remote server program 1043 of the local machine 1 of self remote machine 2, and beginning is false distributes to the remote operation (S940) of the local machine 1 of self remote machine 2.
At S921; In the address that receives together from authenticating device 6 and authentication result (is NO at S921) under the situation of address of the vacation local machine 1 of distributing to self remote machine 2; Remote client program 2053 obtains the address of management server 7 and the network address of the true local machine 1 that distributes from authenticating device 6.Then, notify the address of this management server 7 and the network address of the true local machine 1 that distributes to interrogator 2055, inquiry is restored in indication.Receive to be somebody's turn to do and inquire, interrogator 2055 generates the address, the very recovery inquiry of the network address of the local machine 1 of distribution that comprise the false local machine 1 that distributes, and this is sent (S951) through NIC203 to management server 7.
Then, interrogator 2055, if receive inquire response (S952) from management server 7, the operate condition that then in this inquire response, comprises to remote client program 2053 notices.Receive and should notify, whether 2053 investigation of remote client program are that " RUN " perhaps " stops " (S953) from the operate condition that interrogator 2055 receives.When " RUN " (is YES at S953), from the false address (S954) of distributing to the local machine 1 of self remote machine 2 of authenticating device 6 deletion.Then, remote client program 2053 is really distributed to the address of the local machine 1 of self remote machine 2, the establishment of indication VPN to VPN traffic program 2052 notice.
Receiving should notice, VPN traffic program 2052 and really distribute between the local machine 1 of self remote machine 2 and establish VPN (S955).Remote client program 2053, through this VPN, the remote server program 1043 of the local machine 1 of self remote machine 2 is really distributed in associating, and the remote operation (S956) of the local machine 1 of self remote machine 2 is really distributed in beginning.
On the other hand, when the operate condition that receives from interrogator 2055 is " stopping " (is NO at S953), remote client program 2053, to the false address of distributing to the local machine 1 of self remote machine 2 of VPN traffic program 2052 notices, VPN is established in indication.
Receiving should indication, VPN traffic program 2052 and the false local machine 1 of distributing to self remote machine 2 between establish VPN (S961).Remote client program 2053, through this VPN, associating is false distributes to the remote server program 1043 of the local machine 1 of self remote machine 2, and beginning is false distributes to the remote operation (S962) of the local machine 1 of self remote machine 2.
In addition, in Fig. 9 and flow process shown in Figure 10, the information as specifying local machine 1 also can replace the network address, perhaps uses the ID of local machine 1 together with the network address.
Return Fig. 1 and continue explanation.Authenticating device 6 is carried out from the ID of remote machine 2 receptions and the authentication of password, notifies this authentication result to remote machine 2.Here; In the result is under the situation of authentication establishment; Authenticating device 6 and this authentication result together, on authenticating device 6 login the address; In identification its be management server 7 the address, be the true local machine 1 that distributes the address, or the address of the false local machine 1 that distributes in, to remote machine 2 notices.In addition, authenticating device 6 is abideed by the indication of the remote machine of setting up from authentication 2, carries out the login/deletion of the address of local machine 1.
Figure 11 is the skeleton diagram of authenticating device 6.As shown in the figure, authenticating device 6 has the USB adapter 601 and IC chip 602 that on the USB port 204 of remote machine 2, connects.
In IC chip 602, authentication storage information 6031, authentication procedure 6032, address table 6033 and address management 6034.Authenticating device 6 also can constitute can external flash of light memory, a part of data in this flash of light store memory storage IC chip 602.
Authentication information 6031 has ID and password (Password).
Authentication procedure 6032 is to use the program of the ID of remote machine 2 inputs that connect self authenticating device 6 and password and authentication information 6031 being carried out authentification of user.
In address table 6033, there are the true distribution clauses and subclauses and false of the address of the management server clauses and subclauses (entry) of the address of login management server 7, local machine 1 that the remote machine 2 that connects self authenticating device 6 is really distributed in login to distribute to the vacation distribution clauses and subclauses of address of the local machine 1 of this remote machine 2.In addition, under initial condition, the address of login management server 7 only in the management server clauses and subclauses, other clauses and subclauses are sky data.In addition, distribute clauses and subclauses and false the distribution in the clauses and subclauses true, also can with true distribute and the network address of the false local machine 1 that distributes is logined the ID of this this locality machine 1 together separately.
Address management 6034 is abideed by the indication of the remote machine 2 of connection self authenticating device 6, and in the true distribution clauses and subclauses of address table 6033, the address of the local machine 1 of this remote machine 2 is really distributed in login.In addition, distribute in the clauses and subclauses in the vacation of address table 6033, the false address of distributing to the local machine 1 of this remote machine 2 of login perhaps distributes deletion the clauses and subclauses to be disengaged the address of the local machine 1 that the vacation to this remote machine 2 distributes from vacation.
The USB adapter 601 of authenticating device 6 connects the USB port 204 of remote machines 2, thus from remote machine 2 behind authenticating device 6 supply powers, IC chip 602 is carried out authentication procedure 6032 and address managements 6034.Figure 12 is the figure that is used to explain the action of authenticating device 6.In addition, this flow process was abideed by the program execution by IC chip 602 originally.But, simple for explanation here, be executive agent with the program, flow process is described.
At first, authentication procedure 6032 after receiving authentication delegation from remote machine 2 (S601), compares (S602) to the ID and the password of the ID that in this authentication delegation, comprises and password and authentication information 6031.Under both inconsistent situation (is NO at S603),, finish this flow process to the invalid authentication result of remote machine 2 output expression authentications.On the other hand, under both consistent situation (is YES at S603), with reference to address table 6033, investigation distributes in the clauses and subclauses whether logined address (S610) in vacation.In vacation distribution clauses and subclauses, login under the situation that the address is arranged (is YES at S610); Authentication procedure 6032; The address and the false sign that distributes of expression of the local machine 1 that distributes the authentication result of expression authentication success and the vacation of in vacation distributes clauses and subclauses, logining are to remote machine 2 outputs (S611).Thereafter, when when remote machine 2 receives the indication of the address of the local machine 1 that vacation is distributed deleting (is YES at S612) at the appointed time, authentication procedure 6032 is with this order Notify Address hypervisor 6034.Receive and should notify, address management 6034 is deleted address (S613) from the vacation distribution clauses and subclauses of address table 6033.Finish this flow process thereafter.When not when remote machine 2 receives the indication of the address of the local machine 1 that vacation is distributed deleting (is NO at S612) at the appointed time, stop this flow process immediately.
On the other hand,, in vacation distribution clauses and subclauses, login under the situation that the address is arranged (is NO at S610) at S610, authentication procedure 6032, with reference to address table 6033, further whether investigation is logining address (S620) in true distribution clauses and subclauses.Login under the situation that the address is arranged (is YES at S620) in the clauses and subclauses in true the distribution; Authentication procedure 6032; The authentication result of expression authentication success with at true address and the true sign that distributes of expression that distributes the local machine 1 of the true distribution of logining in the clauses and subclauses, to remote machine 2 outputs (S621).Thereafter, when when remote machine 2 receives the address of the false local machine 1 that distributes (is YES at S622) at the appointed time, authentication procedure 6032 is with this address notification address management 6034.Receive and should notify, address management 6034 is logined the address (S623) that receives from authentication procedure 6032 in the vacation distribution clauses and subclauses of address table 6033.Finish this flow process thereafter.When not when remote machine 2 receives the address of the false local machine 1 that distributes (is NO at S622) at the appointed time, stop this flow process immediately.
At S620; Do not login in the clauses and subclauses under the situation that the address is arranged (is NO at S620) in true the distribution, authentication procedure 6032 is the authentication result of expression authentication success; With the address of in the management server clauses and subclauses of address table 6033, logining together, to remote machine 2 output (S630).Thereafter, authentication procedure 6032 is waited for the address (S631) that receives the true local machine 1 that distributes from remote machine 2, with this address notification address management 6034.Receive and should notify, address management 6034 is logined the address (S632) that receives from authentication procedure 6032 in the true distribution clauses and subclauses of address table 6033, finish this flow process.
In addition, on remote machine 2, load, carry out these programs, also can carry out flow process shown in Figure 12 by remote machine 2 by remote machine 2 through replacing on authenticating device 6, loading authentication procedure 6032 and address management 6034.Perhaps carry out, also can have remote machine 2 and authenticating device 6 to unite execution through a part of on remote machine 2, loading authentication procedure 6032 and address management 6034.
The summary action of the remote desktop system of explanation said structure below.
Figure 13 is the figure of the action example when representing not that the address of local machine 1 of the remote machine 2 that connects this authenticating device 6 is really distributed on authenticating device 6 login.
Remote machine 2 in user's input authentication information (ID and password) back (S301), generates the authentication delegation that comprises this authentication information, and it is sent (S302) to authenticating device 6.
Authenticating device 6 behind the authentication delegation of receiving remote machine 2, uses the authentication information 6031 of login on authenticating device 6 to carry out authentification of user (S303).Then, set up, then will represent the authentication result of this order,, send (S304) to remote machine 2 together with the address of the management server 7 of login on address table 6033 like authentication.
Remote machine 2 after the address with management server 7 together receives the authentication result of expression authentication success from authenticating device 6, sends true request for allocation (S305) to management server 7.
Management server 7 is after receiving true request for allocation from remote machine 2, and the local machine 1 of the remote machine of this true request for allocation is really distributed in decision, to the address (S306) that the local machine 1 in true request for allocation source sends this this locality machine 1.
Remote machine 2 is logined (S307) with it in the address table 6033 of authenticating device 6 behind the address that receives the local machine 1 of really distributing to self remote machine 2 from management equipment 6.In addition, remote machine 2 and really distribute between the local machine 1 of self remote machine 2 and establish VPN (S308).Then, use this VPN, the remote operation of the local machine 1 of self remote machine 2 is really distributed in beginning.Thus; The input user operates back (S309) on the input unit of remote machine 2; Send the input information (S310) of this content of operation of expression to the local machine of really distributing to self remote machine 21, the image information of the desktop images of reaction user's input information sends (S311) from the local machine 1 of really distributing to self remote machine 2 to self remote machine 2.
Figure 14 be illustrated on the authenticating device 6 login really distribute to the address of the local machine 1 of the remote machine 2 that connects this authenticating device 6, under the situation of the address of the false local machine 1 of distributing to this remote machine 2 of login, this true local machine that distributes 1 is because the figure of the action example of virus infections when cutting off network.
Remote machine 2 generates the authentication delegation that comprises this authentication information by user's input authentication information (ID and password) back (S321), and it is sent (S322) to authenticating device 6.
Authenticating device 6 uses the authentication information 6031 of login on authenticating device 6 to carry out authentification of user (S323) behind the authentication delegation of receiving remote machine 2.Then,, will represent that then the authentication result of this order is logined in address table 6033,, send (S324) to remote machine 2 together with the address of the true local machine 1 that distributes if authentication is set up.
Remote machine 2, receive the authentication result of expression authentication success together from authenticating device 6 in address with the local machine 1 of really distributing to self remote machine 2 after, attempt and should establish VPN between the true local machine 1 that distributes.But, under this situation, because should be cut off network by the true local machine 1 that distributes, so the establishment of VPN failure (S325).Therefore the status enquiry (S326) of the address of the local machine that comprises true distribution is sent to management server 7 in remote machine 2 address of obtaining management server 7 from authenticating device 6,
Management server 7 after the inquiry of remote machine 2 accepting states, generates the inquire response of the operate condition " virus infections " of the local machine 1 that comprises the true distribution with the address that in this status enquiry, comprises.Then, the remote machine 2 of this inquire response to this status enquiry source sent (S327).
Remote machine 2 shows the inquire response that comprises from the operate condition " virus infections " of management server 7 receptions.
Figure 15 be illustrated on the authenticating device 6 login really distribute to the address of the local machine 1 of the remote machine 2 that connects this authenticating device 6, under the situation of the address of the false local machine 1 of distributing to this remote machine 2 of login, the figure of the action example when this true local machine 1 that distributes stops.
Remote machine 2 generates the authentication delegation that comprises this authentication information by user's input authentication information (ID and password) back (S341), and it is sent (S342) to authenticating device 6.
Authenticating device 6 uses the authentication information 6031 of login on authenticating device 6 to carry out authentification of user (S343) behind the authentication delegation of receiving remote machine 2.Then,, will represent that then the authentication result of this order is logined in address table 6033,, send (S344) to remote machine 2 together with the address of the true local machine 1 that distributes if authentication is set up.
Remote machine 2, receive the authentication result of expression authentication success together from authenticating device 6 in address with the local machine 1 of really distributing to self remote machine 2 after, attempt and should establish VPN between the true local machine 1 that distributes.But, under this situation, because should stop by the true local machine 1 that distributes, so the establishment of VPN failure (S345).Therefore remote machine 2 is obtained the address of management server 7 from authenticating device 6, sends the status enquiry (S346) that is included in the ID that S341 receives to management server 7,
Management server 7 after remote machine 2 accepting states inquiries, generates the inquire response that the operate condition of the local machine 1 that comprises the true distribution with the address that in this inquiry, comprises " stops ".Then, this inquire response is sent (S347) to this status enquiry source.
Remote machine 2 shows to comprise the inquire response that " stops " from the operate condition of management server 7 receptions that the request user confirms that the vacation of whether carrying out local machine 1 distributes.Then, under the situation that the vacation of carrying out local machine 1 distributes, remote machine 2, the false request for allocation (S348) of sending the ID that is included in the S341 reception to management server 7.
Management server 7, after receiving false request for allocation from remote machine 2, decision is carried out the false local machine 1 that distributes then, sends (S349) to the remote machine 2 of the address of this this locality machine 1 to this vacation request for allocation source.
Remote machine 2 behind the address that receives the false local machine 1 of distributing to self remote machine 2 from management server 6, is logined (S350) with it in the address table 6033 of authenticating device 6.In addition, remote machine 2 and the false local machine 1 of distributing to self remote machine 2 between establish VPN (S351).Then, use this VPN, beginning is false distributes to the remote operation of the local machine 1 of self remote machine 2.Thus; The input user operates back (S352) on the input unit of remote machine 2; Local machine 1 from self remote machine 2 to adding that distribute to sends the input information (S352) of this content of operation of expression, and the local machine 1 that the image information of the desktop images of reaction user's input information distributes from vacation sends (S354) to self remote machine 2.
Figure 16 is when being illustrated on the authenticating device 6 address of the false local machine 1 of distributing to the remote machine 2 that connects this authenticating device 6 of login, the figure of the action example when the local machine 1 of really distributing to this remote machine 2 restores.
Remote machine 2 in user's input authentication information (ID and password) back (S361), generates the authentication delegation that comprises this authentication information, and it is sent (S362) to authenticating device 6.
Authenticating device 6 uses the authentication information 6031 of login on authenticating device 6 to carry out authentification of user (S363) behind the authentication delegation of receiving remote machine 2.Then, if authentication is set up, the authentication result that then will represent this order is sent (S364) with address login in address table 6033, the false local machine 1 that distributes to remote machine 2.
Remote machine 2; After the address of distributing to the local machine 1 of self remote machine 2 with vacation receives the authentication result of expression authentication successs from authenticating device 6 together; Obtain the address of management server 7 and the address of the true local machine 1 that distributes from authenticating device 6, send the recovery inquiry (S365) of the address of the address that comprises the false local machine 1 that distributes and the true local machine 1 that distributes to management server 7.
Management server 7 after receiving the recovery inquiry from remote machine 2, generates the inquire response of the operate condition " RUN " of the local machine 1 that is included in the true distribution that comprises in this inquiry.Then, this inquire response is sent (S366) to the remote machine 2 that this restores the inquiry source.
Remote machine 2 comprises in demonstration in the inquire response of the operate condition " RUN " that receives from management server 7, the false address (S367) of distributing to the local machine 1 of self remote machine 2 of deletion from authenticating device 6.In addition, obtain the address (S368) of the local machine 1 of really distributing to self remote machine 2, establish and really distribute to the VPN (S369) between the local machine 1 of self remote machine 2 from authenticating device 6.Then, use this VPN, the remote operation of the local machine 1 of self remote machine 2 is really distributed in beginning.Thus; The input user imports back (S370) on the input unit of remote machine 2; The input information of this content of operation of expression is sent (S371) to the local machine of really distributing to self remote machine 21, and the image information of the desktop images of reaction user's input information sends (S372) from the local machine 1 of really distributing to self remote machine 2 to self remote machine 2.
An example of the present invention more than has been described.
In this example; When using authenticating device 6 for the first time; Really distribute to the address of the local machine 1 of the remote machine 2 that connects this authenticating device 6 to management server 7 inquiry, management server 7 is accepted should inquiry, and the local machine 1 of this remote machine 2 is really distributed in decision.Therefore can efficient, flexible application resource (local machine 1).
In addition, in this example, detect under the situation of virus infections, after with this order notice management server 7, cut the network connection at local machine 1.Therefore, remote machine 2 through access management server 7, can be known the state of the local machine 1 of really distributing to self remote machine 2.
In addition, in this example, when the reason beyond the due to illness malicious infection of the local machine 1 of really distributing to remote machine 2 stops, can the false as required local machine 1 that distributes other.Therefore, can in the superinfection that effectively prevents virus, can improve the availability of system.
In addition, be not limited to the above-mentioned example of this example, in the scope of its purport, can realize various distortion.For example, in above-mentioned example, the interface of authenticating device 6 and remote machine 2 is not limited to USB.Authenticating device 6 is as long as ability and remote machine 2 can constitute.For example, can be constituted as as the PC card and can freely dismantle, perhaps also can on remote machine 2, not communicate with installing through using Bluetooth wireless near field communications such as (registered trade marks) with remote machine 2.
In addition, in this example, be that example is illustrated when communicating, but the present invention is not limited to this between local machine 1 and remote machine 2, to make up VPN.For example, between local machine 1 and remote machine 2, be present under the situation in the same LAN, also can not make up VPN, between local machine 1 and remote machine 2, communicate.

Claims (10)

1. an information processing system has management server and a plurality of terminal through the interconnected a plurality of information processors of network, the said information processor of management, it is characterized in that,
Said management server has:
The distribution state memory device, it stores each the terminal distribution state in said a plurality of information processor;
Allocation manager equipment; It is for request for allocation; Being illustrated in the terminal distribution state of storing in the said distribution state memory device is the address of the information processor of unallocated state; The terminal of notifying this request for allocation to send the source, and the terminal distribution state of this information processor of in said distribution state memory device, storing, never distribution state is updated to expression and should distributes to the state that this request for allocation is sent the terminal in source;
The operate condition memory device, it stores each the operate condition in said a plurality of information processor; With
The operate condition management equipment; Its each from said a plurality of information processors obtains operate condition; Upgrade said operate condition memory device, for the notice of virus infections, retrieval has the record of the network address of virus infections notification source from said operate condition memory device; Change to the virus infections state to the operate condition of in the field of the record that retrieves, logining
Said terminal has:
The address memory device, it stores the address of said management server at least;
Request for allocation equipment; It is when storage should be distributed to the address of self terminal information processing unit in the memory device of said address; Request for allocation is sent in address to the said management server in this address memory device, stored; Receive the address that distribute to self terminal information processing unit from said management server, be stored in the memory device of said address; With
Remote operation apparatus; When it stores the address that distribute to self terminal information processing unit in the memory device of said address; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show
Said information processor has:
The remote operation receiving equipment, it receives operation information from said terminal, and the content of operation of representing according to this operation information carries out information processing, and sends its result's of expression image information to this terminal; With
Network cuts off equipment; It is used to detect the virus infections of self information processing unit, and after detecting virus infections, isolates and perhaps remove the virus that has infected, if said isolation or removing failure; Then notify said management server; Cut off the connection of self information processing unit to said network through the driver that stops said network of network interface card, wherein, said self information processing unit is away from said terminal.
2. information processing system according to claim 1 is characterized in that,
Said information processor also has:
Power supply is supplied with interrupt notification equipment, and its power supply that detects said information processor itself is supplied with and interrupted, and notifies said management server,
Said management server also has:
Inquire response equipment; It is for the notice of status enquiry; Use said distribution state memory device to confirm distribute to the terminal information processing unit of status enquiry notification source; When the operate condition of this information processor that is determined of in said operate condition memory device, storing is the virus infections state, with the operate condition of information processor be the virus infections state to the terminal of status enquiry notification source notice, be that power supply is when supplying with interrupt status at the operate condition of the said information processor that is determined; With the operate condition of information processor is that power supply is supplied with interrupt status to the terminal of status enquiry notification source notice; And, be that send to the terminal of status enquiry notification source the address of the information processor of unallocated state being illustrated in the terminal distribution state of storing in the said distribution state memory device
Said terminal also has:
Status enquiry equipment; Its not for be stored in the memory device of said address, to the address of distributing to self terminal information processing unit conduct interviews reply the time; Address notification status enquiry to the said management server in this address memory device, stored; Receive the false address of distributing to self terminal information processing unit from said management server, and be stored in the memory device of said address, wherein false allocation table is shown under the situation of the stopping period of really distributing to this terminal information processing unit owing to safeguard; Other information processors are distributed to temporarily the state at this terminal
The remote operation apparatus at said terminal,
When in the memory device of said address, storing vacation when distributing to the address of self terminal information processing unit; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show.
3. information processing system according to claim 2 is characterized in that,
The said inquire response equipment of said management server,
Notice for status enquiry; At the operate condition of the said information processor of having confirmed is that power supply is when supplying with interrupt status; With the operate condition of information processor is that the affirmation that power supply supply interrupt status and the vacation of whether carrying out information processor distribute is notified to the terminal of status enquiry notification source; Only receive the vacation of carrying out information processor and distribute under the situation of notice of order, send to the terminal of status enquiry notification source that to be illustrated in the terminal distribution state of storing in the said distribution state memory device be the address of the information processor of unallocated state at terminal from the status enquiry notification source;
The status enquiry equipment at said terminal,
The affirmation notice that the vacation of whether carrying out information processor that demonstration receives from said management server on the display unit at this terminal distributes has or not the vacation of importing on the input unit at this terminal to distribute to said management server notice.
4. information processing system according to claim 2 is characterized in that,
The power supply of said information processor is supplied with interrupt notification equipment,
Notifying said information processor itself to supply with from power supply to said management server interrupts restoring;
The status enquiry equipment at said terminal,
When in the memory device of said address, storing the address that false distribute to self terminal information processing unit; The inquiry of the recovery that should distribute to self terminal information processing unit; Address to the said management server in the memory device of said address, stored is notified; When said management server receives the notice of restoring order, the address of self terminal information processing unit should false be distributed in deletion from the memory device of said address;
The status management apparatus of said management server,
Notice for restoring changes to normal condition to the operate condition of the information processor of the recovery notification source of in said operate condition memory device, storing;
The said inquire response equipment of said management server,
For the notice of restoring inquiry, when the operate condition of the said information processor that is determined is normal condition, be the terminal that the normal condition notice is restored the inquiry notification source with the operate condition of information processor.
5. information processing system according to claim 3 is characterized in that,
The power supply of said information processor is supplied with interrupt notification equipment,
Notifying said information processor itself to supply with from power supply to said management server interrupts restoring;
The status enquiry equipment at said terminal,
When in the memory device of said address, storing the address that false distribute to self terminal information processing unit; The inquiry of the recovery that should distribute to self terminal information processing unit; Address to the said management server in this address memory device, stored is notified; Receiving from said management server when having restored the notice of order, the address of self terminal information processing unit should false be distributed in deletion from the memory device of said address;
The status management apparatus of said management server,
Notice for restoring changes to normal condition to the operate condition of the information processor of the recovery notification source of in said operate condition memory device, storing;
The said inquire response equipment of said management server,
For the notice of restoring inquiry, when the operate condition of the said information processor that is determined is normal condition, be the terminal that the normal condition notice is restored the inquiry notification source with the operate condition of information processor.
6. according to any described information processing system in the claim 1 to 5, it is characterized in that,
Said address memory device is to constitute the device that can communicate by letter with said terminal, separate with said terminal.
7. a management server is used for management and distributes to the terminal information processing unit, it is characterized in that having:
The distribution state memory device, it stores in a plurality of information processors the terminal distribution state of each; With
Allocation manager equipment; It is for request for allocation; Being illustrated in the terminal distribution state of storing in the said distribution state memory device is the address of the information processor of unallocated state; Send the terminal in source to this request for allocation and notify, and the terminal distribution state of this information processor of in said distribution state memory device, storing, never distribution state is updated to expression and should distributes to the state that this request for allocation is sent the terminal in source;
The operate condition memory device, it stores each the operate condition in said a plurality of information processor; With
The operate condition management equipment; Its each from said a plurality of information processors obtains operate condition; Upgrade said operate condition memory device; For the notice of virus infections, retrieval has the record of the network address of virus infections notification source from said operate condition memory device, changes to the virus infections state to the operate condition of in the field of the record that retrieves, logining.
8. management server according to claim 7 is characterized in that,
Said management server also has:
Inquire response equipment; It is for the notice of status enquiry; Use said distribution state memory device to confirm distribute to the terminal information processing unit of status enquiry notification source; When the operate condition of this information processor that is determined of in said operate condition memory device, storing is the virus infections state, with the operate condition of information processor be the virus infections state to the terminal of status enquiry notification source notice, be that power supply is when supplying with interrupt status at the operate condition of the said information processor that is determined; With the operate condition of information processor is that power supply is supplied with interrupt status to the terminal of status enquiry notification source notice; And, be the address of the information processor of unallocated state being illustrated in the terminal distribution state of storing in the said distribution state memory device, send to the terminal of status enquiry notification source.
9. a terminal is used for remote operation by the information processor that management server distributes, and it is characterized in that having:
Request for allocation equipment; It is when storage should be distributed to the address of self terminal information processing unit in the memory device of the address of the address of storing said management server at least; Request for allocation is sent in address for the said management server of in this address memory device, storing; Receive the address that distribute to self terminal information processing unit from said management server, be stored in the memory device of said address; With
Remote operation apparatus; When it stores the address that distribute to self terminal information processing unit in the memory device of said address; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show.
10. the distribution method of an information processor; Be used for having through the interconnected a plurality of information processors of network, the management server of managing said information processor and a plurality of terminal information treatment system to terminal distribution information; It is characterized in that
Said management server,
For request for allocation; In said a plurality of information processors; Is the terminal distribution state address of the information processor of unallocated state; Send the terminal in source to this request for allocation and notify, and the terminal distribution state of this information processor, never distribution state is updated to expression and distributes to the state that this request for allocation is sent the terminal in source;
For in said a plurality of information processors each is stored the action status information of said information processor; And
From said a plurality of information processors each obtains operate condition; Upgrade said action status information; Notice for virus infections; Retrieval has the record of the network address of virus infections notification source from said action status information, changes to the virus infections state to the operate condition of in the field of the record that retrieves, logining
Said terminal,
At least store the address of said management server;
When storage should not distributed to the address of self terminal information processing unit, said management server is sent request for allocation, receive address and the storage that distribute to self terminal information processing unit from said management server; And
When storing the address that distribute to self terminal information processing unit; Address to this information processor is sent in the operation information of importing on the input unit at this terminal; Receive image information from this information processor, and on the display unit at this terminal, show
Said information processor,
Receive operation information from said terminal, the content of operation of representing according to this operation information carries out information processing, and the image information of representing its result is sent to this terminal; And
Detect the virus infections of self information processing unit; And after detecting virus infections, isolate and perhaps remove the virus that has infected; If said management server is then notified in said isolation or removing failure, cut off of the connection of self information processing unit to said network through the driver that stops said network of network interface card; Wherein, said self information processing unit is away from said terminal.
CN200610058399.4A 2005-11-10 2006-03-03 Information processing system and method of assigning information processing device Expired - Fee Related CN1964262B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005326218A JP4001297B2 (en) 2005-11-10 2005-11-10 Information processing system and its management server
JP2005-326218 2005-11-10
JP2005326218 2005-11-10

Publications (2)

Publication Number Publication Date
CN1964262A CN1964262A (en) 2007-05-16
CN1964262B true CN1964262B (en) 2012-05-23

Family

ID=37776891

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610058399.4A Expired - Fee Related CN1964262B (en) 2005-11-10 2006-03-03 Information processing system and method of assigning information processing device

Country Status (4)

Country Link
US (1) US20070106776A1 (en)
EP (1) EP1786167A3 (en)
JP (1) JP4001297B2 (en)
CN (1) CN1964262B (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7724703B2 (en) 2005-10-13 2010-05-25 Belden, Inc. System and method for wireless network monitoring
US8638762B2 (en) 2005-10-13 2014-01-28 Trapeze Networks, Inc. System and method for network integrity
US7558266B2 (en) * 2006-05-03 2009-07-07 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US8340110B2 (en) 2006-09-15 2012-12-25 Trapeze Networks, Inc. Quality of service provisioning for wireless networks
JP4932413B2 (en) * 2006-09-29 2012-05-16 株式会社日立製作所 Environment migration system, terminal device, information processing device, management server, portable storage medium
JP4926636B2 (en) * 2006-09-29 2012-05-09 株式会社日立製作所 Information processing system and terminal
JP5138359B2 (en) * 2007-12-27 2013-02-06 エヌ・ティ・ティ アイティ株式会社 Remote access method
US20090037537A1 (en) * 2007-08-01 2009-02-05 International Business Machines Corporation Tracking Electronic Mail History
US8902904B2 (en) 2007-09-07 2014-12-02 Trapeze Networks, Inc. Network assignment based on priority
US8238942B2 (en) 2007-11-21 2012-08-07 Trapeze Networks, Inc. Wireless station location detection
JP2009145969A (en) * 2007-12-11 2009-07-02 Nippon Telegr & Teleph Corp <Ntt> Setting information setting system and setting information setting method
US8978105B2 (en) 2008-07-25 2015-03-10 Trapeze Networks, Inc. Affirming network relationships and resource access via related networks
US8238298B2 (en) 2008-08-29 2012-08-07 Trapeze Networks, Inc. Picking an optimal channel for an access point in a wireless network
US8484737B1 (en) * 2008-11-10 2013-07-09 Symantec Corporation Techniques for processing backup data for identifying and handling content
JP5193010B2 (en) * 2008-12-08 2013-05-08 株式会社日立製作所 Report data creation system, report data creation method, computer apparatus, connection management server, and database server
JP4947069B2 (en) * 2009-02-19 2012-06-06 日本電気株式会社 Network security system and remote machine isolation method
CN103632069B (en) * 2013-11-19 2017-02-01 北京奇安信科技有限公司 Terminal safety managing method and device in internal network
EP3451220B1 (en) * 2016-04-25 2021-07-14 Yokogawa Electric Corporation Erasing device
CN113296920B (en) * 2020-02-24 2023-08-01 国家广播电视总局广播电视科学研究院 Equipment remote control system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1168068A (en) * 1996-04-17 1997-12-17 夏普株式会社 Trading system using mobile communications
CN1310393A (en) * 2000-02-24 2001-08-29 英业达股份有限公司 Computer viral infection preventing method
CN1406354A (en) * 2000-12-28 2003-03-26 松下电器产业株式会社 Information processing system
JP2003345622A (en) * 2002-05-27 2003-12-05 Nec Fielding Ltd Maintenance system for customer system, device to be maintained, device and method for maintenance, and program
EP1592168A1 (en) * 2004-04-27 2005-11-02 Microsoft Corporation System and methods for policy conformance verification in communication networks

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5964891A (en) * 1997-08-27 1999-10-12 Hewlett-Packard Company Diagnostic system for a distributed data access networked system
US8165155B2 (en) * 2004-07-01 2012-04-24 Broadcom Corporation Method and system for a thin client and blade architecture
US6643690B2 (en) * 1998-12-29 2003-11-04 Citrix Systems, Inc. Apparatus and method for determining a program neighborhood for a client node in a client-server network
JP2003030072A (en) * 2001-07-18 2003-01-31 Matsushita Electric Ind Co Ltd Method and device for substituting remote control
US7925737B2 (en) * 2001-09-17 2011-04-12 Hewlett-Packard Development Company, L.P. System and method for dynamic configuration of network resources
US7213065B2 (en) * 2001-11-08 2007-05-01 Racemi, Inc. System and method for dynamic server allocation and provisioning
JP2003248668A (en) * 2002-02-26 2003-09-05 Hitachi Ltd Data center resource management method and operation method
US7124176B2 (en) * 2002-08-30 2006-10-17 Sun Microsystems, Inc. Discovering thin-client parameters in an enterprise network environment
US7765299B2 (en) * 2002-09-16 2010-07-27 Hewlett-Packard Development Company, L.P. Dynamic adaptive server provisioning for blade architectures
US20040088410A1 (en) * 2002-11-06 2004-05-06 Flynn Thomas J. Computer network architecture
US7636917B2 (en) * 2003-06-30 2009-12-22 Microsoft Corporation Network load balancing with host status information
US7463590B2 (en) * 2003-07-25 2008-12-09 Reflex Security, Inc. System and method for threat detection and response
US7966391B2 (en) * 2004-05-11 2011-06-21 Todd J. Anderson Systems, apparatus and methods for managing networking devices
KR20070039597A (en) * 2004-07-23 2007-04-12 사이트릭스 시스템스, 인크. A method and system for securing remote access to private networks
US7509406B2 (en) * 2004-09-30 2009-03-24 Microsoft Corporation Managing terminal services accounts and sessions for online utilization of a hosted application
US7702777B2 (en) * 2004-12-28 2010-04-20 Lenovo Pte Ltd. Centralized software maintenance of blade computer system
US7370227B2 (en) * 2005-01-27 2008-05-06 International Business Machines Corporation Desktop computer blade fault identification system and method
JP4663497B2 (en) * 2005-12-01 2011-04-06 株式会社日立製作所 Information processing system and information processing apparatus assignment management method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1168068A (en) * 1996-04-17 1997-12-17 夏普株式会社 Trading system using mobile communications
CN1310393A (en) * 2000-02-24 2001-08-29 英业达股份有限公司 Computer viral infection preventing method
CN1406354A (en) * 2000-12-28 2003-03-26 松下电器产业株式会社 Information processing system
JP2003345622A (en) * 2002-05-27 2003-12-05 Nec Fielding Ltd Maintenance system for customer system, device to be maintained, device and method for maintenance, and program
EP1592168A1 (en) * 2004-04-27 2005-11-02 Microsoft Corporation System and methods for policy conformance verification in communication networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
全文.

Also Published As

Publication number Publication date
US20070106776A1 (en) 2007-05-10
EP1786167A2 (en) 2007-05-16
EP1786167A3 (en) 2012-03-14
CN1964262A (en) 2007-05-16
JP4001297B2 (en) 2007-10-31
JP2007133666A (en) 2007-05-31

Similar Documents

Publication Publication Date Title
CN1964262B (en) Information processing system and method of assigning information processing device
CN102971722B (en) Systems and methods for creation and delivery of encrypted virtual disks
JP5340610B2 (en) Computer system, method and computer program for managing a plurality of components
US10657232B2 (en) Information processing apparatus and method of controlling information processing apparatus
CN100590595C (en) Information processing device and process control method
CN104205723A (en) Identity services for organizations transparently hosted in the cloud
JP6232136B2 (en) Force encryption on connected devices
KR20150023950A (en) Contextual history of computing objects
EP3533200B1 (en) Fault tolerant automatic secret rotation
US20170126908A1 (en) Robust mesh printer network with distributed queue management
US10114939B1 (en) Systems and methods for secure communications between devices
CN111756684B (en) Method, system and non-transitory computer-readable storage medium for transmitting critical data
US10404635B2 (en) Optimizing data replication across multiple data centers
US11799839B2 (en) Cross-regional replication of keys
JP4550857B2 (en) Information processing apparatus allocation method, management server and terminal for executing the method
US11593211B2 (en) Applying a failure management policy during updating of components at an information handling system
JP6578770B2 (en) License number management system, license number management apparatus, license number management program, and license number management method
JP2006202143A (en) Terminal information collection system, terminal information collecting method, central apparatus, and computer program
JP7305898B2 (en) Operation response method, operation response device, electronic device and storage medium
US20220407834A1 (en) Using natural language processing to enable communication across messaging platforms
US20230034196A1 (en) Techniques for providing synchronous and asynchronous data processing
JP4082430B2 (en) Printing apparatus and recording medium
WO2011070676A1 (en) Information processor, control method for information processor, control program for information processor, and control program for system controller
JP6032092B2 (en) Network system
JP2019128821A (en) Terminal device, terminal device control method, program, file sharing system, and file sharing system control method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20140303